Packet Filtering & network security guide
The first generation of hardware firewalls supported packet filtering, which looks at each packet's source and destination IP addresses, ports and protocols. The packet itself is the actual traffic/data flowing in and out of the network. Packet filtering is controlled via ACLs (Access Control Lists). ACLs specify which IP addresses, ports and protocols are allowed in and out of the network. These ACLs are rules that work on a top-down basis: the top rule is analysed first, and evaluation works its way down until a rule matches. If no rule matches, a deny-all rule, which is usually placed at the end, denies the packet. In ACLs the more specific rules are configured first, then the general rules, and finally the deny-all rule.
Today packet filtering is still very much the heart of hardware firewalls, but it is not enough on its own to fully protect the internal network. A firewall can be configured to stop certain IP addresses and services from communicating in and out of the network; however, it must let some IP addresses and services in and out as well in order to communicate with the outside world. The services that are allowed need to be controlled and checked for malicious traffic.
Why Packet Filtering is limited
A packet filtering example would be: block everything into the network, but allow port 80 so that external users can reach the company website. This is as far as packet filtering goes. These old, traditional hardware firewalls cannot block on the application layer, which attackers can exploit. So how is the traffic that is allowed to this particular website checked and controlled? This is a job for application layer proxies, such as the HTTP proxy that most firewalls support today.
Packet filtering is very effective but also limited. A few of the problems that stand out: packet filters cannot scan the application layer for malicious traffic, they cannot tell whether IP addresses are spoofed, and they have limited logging functionality. This is why firewalls must also support other protection features and techniques alongside packet filters, such as UTM features, in order to provide a more complete security strategy at the gateway.
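The top-down, first-match ACL evaluation with an implicit deny-all described above, and the "block everything, allow port 80 to the website" example, as an added illustration that is not part of the original guide. The addresses, the `Packet`/`Rule` classes and the `evaluate` function are constructed for this example; the same two rules are also shown in the wrong order to make the "specific rules first" point concrete.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    dport: int = 0      # destination port; 0 for portless protocols

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str = "0.0.0.0/0"       # source network in CIDR form
    dst: str = "0.0.0.0/0"       # destination network in CIDR form
    proto: str = "any"
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))

def evaluate(acl, pkt):
    """Walk the ACL top down; the first matching rule decides.
    Nothing matched means the implicit deny-all at the end applies."""
    for index, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", None

# Constructed ACL using documentation address ranges (not real hosts):
# a specific deny for a known-abusive network comes first, then the general
# "let the world reach the web server on port 80", then the implicit deny-all.
WEB_SERVER = "203.0.113.10"
ACL = [
    Rule("deny", src="198.51.100.0/24"),
    Rule("permit", dst=WEB_SERVER, proto="tcp", dport=80),
]
# The same two rules with the general permit first: the specific deny is
# shadowed and can never fire, the ordering mistake the text warns against.
ACL_MISORDERED = list(reversed(ACL))

if __name__ == "__main__":
    for pkt in (Packet("192.0.2.5", WEB_SERVER, "tcp", 80),      # ordinary client
                Packet("198.51.100.7", WEB_SERVER, "tcp", 80),   # abusive network
                Packet("192.0.2.5", WEB_SERVER, "tcp", 22)):     # SSH, not allowed
        print(pkt.src, pkt.dport, evaluate(ACL, pkt), evaluate(ACL_MISORDERED, pkt))
```

The returned index tells you which rule fired, which is the first thing to check when a packet is unexpectedly permitted or dropped.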